TCG: 0.970
architecture: 0.938
register: 0.886
graphic: 0.863
debug: 0.840
semantic: 0.820
files: 0.798
device: 0.758
vnc: 0.678
network: 0.668
permissions: 0.643
ppc: 0.640
kernel: 0.623
socket: 0.595
PID: 0.570
performance: 0.566
risc-v: 0.547
boot: 0.527
arm: 0.494
VMM: 0.401
peripherals: 0.338
mistranslation: 0.335
i386: 0.321
KVM: 0.302
user-level: 0.280
virtual: 0.276
hypervisor: 0.270
x86: 0.270
assembly: 0.260
--------------------
TCG: 0.968
debug: 0.910
assembly: 0.389
performance: 0.223
files: 0.188
kernel: 0.185
hypervisor: 0.166
register: 0.043
PID: 0.030
architecture: 0.028
semantic: 0.016
device: 0.015
arm: 0.015
virtual: 0.013
user-level: 0.006
network: 0.004
boot: 0.003
graphic: 0.003
VMM: 0.003
peripherals: 0.003
KVM: 0.002
socket: 0.002
permissions: 0.002
risc-v: 0.001
vnc: 0.001
mistranslation: 0.001
x86: 0.001
ppc: 0.000
i386: 0.000

TCG AARCH64 Segmentation fault when helper function is called
Description of problem:
Segmentation fault in the TCG thread.
The issue occurs in the generated code when branching to (helper)lookup_tb_ptr (see op longs).
It seems that the generated instruction don't load the upper32 of the address of lookup_tb_ptr in the register before branching to it. According to LLDB, the program tries to access 0x1cffe060 while the right address 0x7ff71cffe060 (see debugger logs).
Additional information:
The issue seems to be located at https://gitlab.com/qemu-project/qemu/-/blob/master/tcg/aarch64/tcg-target.c.inc#L1091
`t2 = t1 & ~(0xffffUL << s1);`. 
The fix would be `t2 = t1 & ~(0xffffULL << s1);`


[lldb.log](/uploads/6a1d57eaecae4a375c6ada7384489876/lldb.log)
[qemu_segmentation.log](/uploads/e3c2d6d42291ff7d1ff8d37341e3da1d/qemu_segmentation.log)